Yesterday, as part of the discussions related to Lemmy current inability to delete all user content I wrote a proposal: if enough people stepped up to help with funding, I’d take my work on my Fediverser project (which already has an admin web tool that “knows” how to interface with Lemmy) to solve all the GDPR-specific issues that we were raised by @[email protected]
The amount asked is, quite frankly, symbolic. I offered to work 10h/week on it if at least 20 people showed up to contribute via Github (which would be $4/month) or to signup to my instance (which access is given via a $29/year subscription). In other words, I’m saying “Give me $80/month and I will work 40 hours per month on this thing which so many of you are saying is critical to the project.”
So now that we have passed 24 hours, 58 upvotes and a handful of “that’s great!” responses, let me tell you how that translated into actual supporters:
- Zero sponsors on Github
- Zero signups on Communick.
Don’t take this as me demanding anything. I’m writing this just to illustrate the following:
-
The Tragedy of the commons is real. I can bet that at least 30% of the 60+ thousand users on Lemmy are proud owners of a pricey iPhone, and most of these are okay with paying for an app to use on their pricey iPhones, but almost none of them will even consider throwing a few bucks per year on the way of an open source developer.
-
The Outrage Mill is not a “capitalist” or even “corporate” phenomenon. People were piling on the devs yesterday for completely ignoring “such a crucial piece of functionality”, but no one actually stepped up to offer (or gather) the resources needed to have this problem solved. It’s almost as if people were getting more out of the discussion about the problem than working through a solution.
-
“Skin In The Game” is a powerful filter. No matter how much people will tell you that something is important to them, the true test is seeing how many are willing to pay the asking price. If not people are not willing to pay $2 per hour of work, then I can assume that this is not really important.
Got it. But I just wouldn’t say it’s futile. The case of a KYC Selfie is especially bad, but the case of a nude is a better example of the usefulness of implementing a federated delete request.
There’s so much porn on the fediverse. Yes, It’s conceivable that some admins will patch their instance to ignore (or specifically give special attention-to) images that have received federated delete requests from other instances – but I don’t think there’s much incentive in them doing that for nudes when there’s already a firehose of other nudes incoming.
Even in the case where the image already federated, I think that implementing better data privacy functionality for images (including federated delete requests) would significantly reduce the harm of users and instance admins in 99% of cases. It’s not futile. Reducing harm is important and worthwhile.
I’m completely onboard with making the fediverse as safe as possible. I agree with your point. We should do everything we can to improve the tools.
Honestly, the complete lack of tracking of anything that goes into pictrs is a bit baffling. We have everything in place to delete posts, entire communities, even entire accounts. But the images are completely untracked. If they were properly tied to the post as they should, this whole thing would have been a non-issue. We had that figured out on forums like 20 years ago.
The reason I think it’s futile is that the amount of work required to make it work reasonably well. Lemmy is prototype quality, none of that have been thought through at all and there’s holes everywhere. It’s barely federating to Mastodon correctly. Then of course there’s the rest of the fediverse that might not support deleting properly, or might but use a different protocol to do it, possibly with different semantics. Does Mastodon even understand that deleting a thread should delete all its children? We have Kbin that’s not federating moderation at all to Lemmy, soon we’ll have Sublinks which hopefully will implement that stuff better.
Deletes don’t even currently federate properly to defederated instances. And even if it was sent out I don’t think it gets accepted either. So if A defederates B, and a user on A deletes their account, B won’t even know. And currently some admins are regularly purging the table that would allow one to properly do that, because it quickly grows several GBs monthly and outpaces even pictrs’s growth. In case of instances leaving the fediverse like Beehaw is thinking of, that also means user deletes wouldn’t federate at all to the months of data spread across the fediverse from before defederation. Yikes.
I think this might really need a new protocol as well. Because right now, it just federates delete activities for every post/comment and it’s killed a few servers a couple times.
It’s a huge undertaking that would take a ton of volunteers or a proper fundraiser to hire people full time to work on just that. And I feel like involving the GDPR in this adds a lot more rigid and legal requirements/expectations on top. This needs the whole fediverse to join forces and agree on some sort of standard on how to handle this universally.